Yellow Dog Linux Security Advisory: YDU-20030607-1

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Tue, 10 Jun 2003 14:54:14 -0600 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	ghostscript
Issue Date:	Jun 07,2003   
Priority:	medium
Advisory ID: 	YDU-20030607-1


1. 	Topic:

	Updated ghostscript packages are available.


2. 	Problem:
	
	"GNU Ghostscript is an interpreter for the PostScript language, and is often
	used when printing to printers that do not have their own built-in
	PostScript interpreter.

	A flaw in unpatched versions of Ghostscript before 7.07 allows malicious
	postscript files to execute arbitrary commands even with -dSAFER enabled. 

	Users of Ghostscript are advised to upgrade to these updated packages,
	which contain a backported patch and are not vulnerable to this issue."
	
	(From Red Hat Advisory)

3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install ghostscript

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/ghostscript-7.05-32.1.ppc.rpm
			ppc/ghostscript-devel-7.05-32.1.ppc.rpm
			ppc/hpijs-1.3-32.1.ppc.rpm

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
321e4c2012be50847425f96eaa164d13  SRPMS/ghostscript-7.05-32.1.src.rpm
8d3cf8db0e2a4eecec3fe794f9fa2389  ppc/ghostscript-7.05-32.1.ppc.rpm
fdd0fc79f2994258fa5d300fefeed81e  ppc/ghostscript-devel-7.05-32.1.ppc.rpm
9690e19cfffe5f45b04e67296d9461b1  ppc/hpijs-1.3-32.1.ppc.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml